Juniper's new EX series of high-speed switches is aimed directly at enterprises rather than telecom providers, making enterprise-oriented security features a must

By Matt Hines

InfoWorld|Jan 29, 2008

Juniper Networks claims to have added an important piece of technology for delivering on its integrated network security strategy as part of the launch of its high-speed EX-Series of enterprise switches.

With onboard capabilities aimed at extending security functions, including applications usage visibility and NAC (network access control), among others, Juniper executives said that the devices -- the company's first set of high-performance switches targeted directly at enterprises, versus its existing systems aimed at telecommunications providers -- allow the networking gear provider to address demands being made by large customers.

As enterprises replace aging networks with new high-performance equipment, security capabilities are high on the lists of core features that buyers are requesting, said Mark Bauhaus, executive vice president and general manager of the Service Layer Technology Business Group at Juniper.

While the infrastructure-defense tools represent only one aspect of the larger push to make networks faster and more reliable to support business operations, they have become an increasingly central element of customers' long-term goals, the executive said.

Increased integration capabilities established between the new switches and Juniper's existing access control, firewall, intrusion prevention and UTM (unified threat management) products is the most significant aspect of the devices' added security functions, according to Bauhaus. "This truly builds on our strength to do end-to-end security integration," he said. "We're not looking to become a pure-play security vendor, but these are features that customers are looking for in building high-performance networking infrastructure."

In addition to allowing for more unified, integrated security throughout their networking architecture, Bauhaus said that customers are looking to onboard security functions as a way to save money and reduce complexity by replacing other devices, including inline NAC appliances. "Customers clearly want to collapse the sheer number of special-use security devices," he said. "And with the integration to our Unified Access Control technology, we think that this launch represents another important stepping stone by providing customers with the ability to utilize unified access with additional support from their infrastructure."

While rival Cisco Systems has been positioning itself as much as a provider of security tools as a networking specialist for the last several years, at least in terms of its marketing image, Bauhaus said that Juniper is more interested in being viewed as a leading provider of high-speed gear that offers embedded security and standards-based ties to network-defense tools offered by other vendors. All of the security functionality being integrated into the EX-Series switches and Juniper's networking gear is focused primarily on fostering high-performance infrastructure for customers that is also safe and reliable, he said.

Building its products around open industry standards, in particular the security tools, is crucial to allowing third party developers to take advantage of the features, Juniper executives repeatedly stressed at Juniper's Global Enterprise 2008 event held in New York on Tuesday.

Officials from IBM, Microsoft, and Oracle took the stage to endorse the networking company's ability to foster stronger ties with their own products.

Businesses applaud Juniper's moveCalvin Choe, director of technical business development for the Enterprise Networking Group at Microsoft, highlighted the importance of Juniper's work to allow for tight integration between its infrastructure technologies and Microsoft's NAP (Network Access Protection) iteration of NAC, which will arrive next month with the introduction of the software giant's Windows Server 2008 software. NAP is also supported in Microsoft's Windows Vista operating system. "Used with NAP, this will allow network administrators to create policies around identity and assess users' state of compliance to enforce their own set of criteria," said Choe. "The support of standards is important because we wanted to make sure that customers had their choice of switching vendors."

In addition to partners, Juniper also hosted several customers on stage, all of whom mentioned the EX-Series' security features as one of the core strengths of the new product line. "Security is one of the most important things to us, and we wanted an extra layer of access control to deliver defense-in-depth," said Frank Ziegler vice president of communications for the Philadelphia Stock Exchange.

Some industry watchers said that the new EX-Series switches add a crucial piece that had been missing from Juniper's product portfolio from an integrated security standpoint. The new hardware should help the company differentiate from its rivals, including Cisco -- which has aggressively added to its own security holdings over the last several years, said David Willis, a communications market analyst for Gartner. "I think one of the more interesting elements of the launch is Juniper's work to integrate with third parties like Oracle; Cisco has announced similar intentions to do so, but it may take them years to get products ready -- and the size of Cisco's installed base may actually represent a problem in terms of getting products to market," said Willis. "With Cisco, it's also not unusual to run into customers who may have as many as 50 different versions of its OS on its devices, and from that standpoint, sometimes nothing beats a fresh start."

The analyst that just said how much of an advantage the new products could represent on the enterprise market will likely depend on how seriously customers view Juniper's efforts to truly embed security throughout its networking gear versus merely adding individual features.

Other experts said that the addition of the switches' security features could threaten providers of standalone devices, such as inline NAC appliance vendors like ConSentry and Autonomic Networks.

"Clearly the fact that Juniper hasn't had a switching product in this space has limited the reach of UAC, but with customers that have existing investments in Juniper firewalls and VPNs, this could be seen as good news," said Paul Roberts, analyst with The 451 Group. "There's always the question if anyone is really going to do a rip and replace to get NAC functionality, but for companies doing upgrades and looking for the features, this could be a viable option," he said. "In some ways, the new switches may give Juniper the ability to leapfrog Cisco, Extreme Networks, and other rivals with some of these features for access control and applications visibility."